DIY Java Static Analysis

Presenting the internals of SonarJava : a static analyzer for Java written in Java

How can you build a static analyzer from scratch in Java for Java ? Let's go through different tools useful for this purpose : Syntax, Semantic and Symbolic Execution and find bugs without executing the code !

The talk is a dive into the internals of SonarJava, an open source static analyzer for SonarQube. The aim of the talk is to explain how we stack up different technology and tools (around compiler frontend) to build up rules to detect all kind of code smells issues but also some more advanced bugs like resource leaks and null pointer exceptions.

Come discover how static analysis is a way to do this by discovering the internals of the Java Analyzer of SonarQube. What are the difficulties to understand the Java Language ? How you can leverage what has been openly achieved with SonarJava and what are the next steps in terms of java static analysis to discover even trickier bugs in your code.